Find out what the business benefits of a virtual private network are and how it works.
As we become more and more reliant on the internet, securing the information we send, both for work and for private purposes, becomes increasingly important. Virtual private networks (VPNs) are rising in popularity, but what is a VPN, how does it work and what benefits does it bring?
What is a virtual private network?
In simple terms, virtual private networks are a way of extending a private network over a public one, so that machines can share information as though they were directly connected. A VPN creates an encrypted, secure connection, rather like a tunnel running between your device and a server over the internet, so that communication between the two is as secure as if they were on a completely private network. It does this through the use of a tunnelling protocol combined with security procedures. We’ll look at these in a bit more detail later.
VPNs are generally used by businesses to allow remote workers to securely access central systems. There are also a number of public VPN services that are increasingly popular with internet users wanting a more secure way of connecting to the net. While remote access is the most common use of VPNs, they can also be used for site-to-site communication, connecting networks in different locations together.
VPN security and privacy
While a VPN isn’t able to make communication entirely anonymous, it does make it possible to substantially increase security and privacy and to protect sensitive information. This is because a VPN only allows remote access via the appropriate tunnelling protocols and encryption methods. What this means in practice is that even if data packets were to be intercepted, the hacker would only see encrypted data. There’s also sender authentication which prevents unauthorised users gaining access to the VPN, and control of message integrity to prevent data being tampered with in transit.
Before secure VPN tunnels can be established, the tunnel endpoints must be authenticated. Remote-access VPNs can employ a number of methods to do this. Most commonly employed are passwords, biometrics and two-factor authentication. Network-to-network tunnels for business use often use passwords or rely on digital certificates. This means they can permanently store the key to allow the tunnel to establish automatically, without needing intervention from the administrator to reconnect.
VPNs are increasingly being used by individuals as a way of safeguarding their privacy too. By signing up to a public VPN service they are able to secure their communications to and from the internet. They can also be used to connect to proxy servers in order to mask individual identity and location. This technique also enables users to get around geographic restrictions. This does mean, however, that some websites choose to block access to known VPN technology in order to prevent the circumvention of their geographical or other restrictions.
When considering ‘What is a virtual private network?’ it’s important to note that not all VPNs are the same. There are a number of different protocols in use, all of which offer their own particular advantages. Most common are:
- Internet Protocol Security (IPsec) – this was developed for IPv6 by the Internet Engineering Task Force (IETF). It’s a standards-based security protocol also in widespread use with the Layer 2 Tunnelling Protocol and IPv4. The design of IPsec meets many security goals including integrity, authentication, and confidentiality. IPsec makes use of encryption; its IP packets are encapsulated inside an IPsec packet. At the end of the tunnel, de-encapsulation occurs; a process which involves the decryption of the original IP packet after which it is forwarded to its intended destination.
- Transport Layer Security (SSL/TLS) – this can tunnel the traffic of an entire network or just secure an individual connection. A number of vendors provide remote-access VPN capabilities using SSL. An SSL VPN is able to connect from locations in which IPsec encounters problems with firewall rules and Network Address Translation.
- Datagram Transport Layer Security (DTLS) – this is used in OpenConnect VPN and Cisco AnyConnect VPN systems in order to overcome the issues with SSL/TLS in tunnelling over UDP.
- Microsoft Point-to-Point Encryption (MPPE) – this works with the Point-to-Point Tunnelling Protocol and in compatible implementations on a number of other platforms.
- Microsoft Secure Socket Tunneling Protocol (SSTP) – this tunnels Point-to-Point Protocol (PPP) or Layer 2 Tunnelling Protocol traffic through an SSL 3.0 channel.
- Multi Path Virtual Private Network (MPVPN) – this is a proprietary VPN system produced by the Ragula Systems Development Company.
- Secure Shell (SSH) – this is an open source system using OpenSSH which offers VPN tunnelling to provide secure remote connections to a network, or inter-network links. OpenSSH server is able to provide a limited number of concurrent tunnels.
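The encapsulation, integrity check and de-encapsulation described for IPsec above and in the VPN security section, as an added example that is not part of the original article. It is a simplified Python model, not the IPsec wire format: the HMAC-SHA256 keystream is a standard-library stand-in for the ciphers real VPNs use, and the function names, keys and addresses are constructed for illustration.

```python
import hashlib
import hmac
import os
import struct

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Stand-in cipher: HMAC-SHA256 in counter mode (stdlib only, not what IPsec uses).
    blocks = []
    for counter in range((length + 31) // 32):
        blocks.append(hmac.new(key, nonce + struct.pack(">I", counter), hashlib.sha256).digest())
    return b"".join(blocks)[:length]

def _xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))

def encapsulate(inner: bytes, enc_key: bytes, mac_key: bytes, src_gw: str, dst_gw: str) -> dict:
    """Tunnel entry: encrypt the whole inner packet and wrap it in an outer header."""
    nonce = os.urandom(16)
    ciphertext = _xor(inner, _keystream(enc_key, nonce, len(inner)))
    # Encrypt-then-MAC: the tag covers nonce and ciphertext, so any change is detected.
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return {"outer": (src_gw, dst_gw), "nonce": nonce, "ciphertext": ciphertext, "tag": tag}

def decapsulate(packet: dict, enc_key: bytes, mac_key: bytes) -> bytes:
    """Tunnel exit: verify integrity and sender first, then decrypt the inner packet."""
    expected = hmac.new(mac_key, packet["nonce"] + packet["ciphertext"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, packet["tag"]):
        raise ValueError("integrity/authentication check failed, packet dropped")
    return _xor(packet["ciphertext"], _keystream(enc_key, packet["nonce"], len(packet["ciphertext"])))

if __name__ == "__main__":
    enc_key, mac_key = os.urandom(32), os.urandom(32)  # shared by both tunnel endpoints
    inner = b"src=10.0.1.5 dst=10.0.2.9 payload=GET /payroll"  # constructed inner packet
    pkt = encapsulate(inner, enc_key, mac_key, "198.51.100.1", "203.0.113.7")
    # An interceptor on the public network sees only the gateway addresses and ciphertext.
    print("interceptor sees:", pkt["outer"], pkt["ciphertext"].hex())
    print("tunnel exit forwards:", decapsulate(pkt, enc_key, mac_key))
    tampered = dict(pkt, ciphertext=bytes([pkt["ciphertext"][0] ^ 1]) + pkt["ciphertext"][1:])
    try:
        decapsulate(tampered, enc_key, mac_key)
    except ValueError as err:
        print("tampered packet:", err)
```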
Once an appropriate technology has been selected, each client or endpoint system needs to have the appropriate software support. Provided a proprietary system isn’t being used, this is built into many modern operating systems, so there’s minimal additional cost.
VPN can also be used as a way of providing extra security for wireless connections. Using VPN to secure connections between endpoint systems and wireless access points provides strong protection with minimal performance impact.
How to set up a VPN
There are off-the-shelf solutions to providing VPNs. Individual users can sign up to one of many online services that will provide a VPN connection to the internet. Businesses may opt to buy a VPN server system to meet their needs.
For smaller businesses, this may not be cost effective, but it’s quite possible to find out how to set up a VPN using the capabilities that are already built into Windows, with no need to buy additional software. In Windows 10 everything you need to connect to a VPN is in the Network & Internet section of the Settings menu; all you need to do is add a VPN connection and enter the details of the server you want to connect to. There are a number of sites online offering step-by-step guides on how to do this. You’ll find guides are available for earlier versions of Windows too, as well as for other popular operating systems including Android, Apple and Linux.
Business benefits of a VPN
VPNs are popular with businesses for a number of reasons. The main one is that they allow employees to securely access a corporate intranet whilst they are outside the office. This makes the VPN a good choice for companies that have workers such as sales staff or service engineers operating in the field, or that have telecommuters or people working from home. These users are able to connect via a home or mobile internet service but with the added security benefits of the VPN.
VPNs can also be used to securely connect different offices or sites of a company, creating a single cohesive network for all the users in the business. VPNs can be used in mobile environments too; they allow for roaming seamlessly between WiFi and cellular networks without dropping the secure connection.
All of this has advantages for the wider business. It can, for example, allow secure connection for home workers and remote offices without the need for expensive leased lines. Home users can use their existing broadband connectivity. Creating a VPN is therefore much cheaper than setting up a dedicated private network.
It’s important to note that VPNs do have some drawbacks and there are some issues that need careful consideration before adopting the technology. Firstly, it’s important to have an understanding of exactly what a VPN can do and what level of protection it’s able to provide. Careful configuration and installation are needed to ensure sufficient security, especially if using public internet connections.
Secondly, if you’re using a VPN over an internet connection, then not all of it is under your business’ direct control. You are heavily reliant on the ISP and its quality of service for the reliability of your connection.
Finally, as we’ve seen above, there are several different VPN technologies. In the past, these haven’t always been compatible due to the different technology standards used. It’s therefore not advisable to try to pick and mix VPN equipment and systems as this is likely to lead to technical problems. Choosing a method and equipment from a single provider is likely to be more reliable but may be more costly.